Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mitel vulnerabilities and exploits
(subscribe to this query)
5.9
CVSSv3
CVE-2023-25597
A vulnerability in the web conferencing component of Mitel MiCollab up to and including 9.6.2.9 could allow an unauthenticated malicious user to download a shared file via a crafted request - including the exact path and filename - due to improper authentication control. A succes...
Mitel Micollab
5.4
CVSSv3
CVE-2021-32070
The MiCollab Client Service component in Mitel MiCollab prior to 9.3 could allow an malicious user to perform a clickjacking attack due to an insecure header response. A successful exploit could allow an malicious user to modify the browser header and redirect users.
Mitel Micollab
9.8
CVSSv3
CVE-2021-32071
The MiCollab Client service in Mitel MiCollab prior to 9.3 could allow an unauthenticated user to gain system access due to improper access control. A successful exploit could allow an malicious user to view and modify application data, and cause a denial of service for users.
Mitel Micollab
6.5
CVSSv3
CVE-2021-32072
The MiCollab Client Service component in Mitel MiCollab prior to 9.3 could allow an malicious user to get source code information (disclosing sensitive application data) due to insufficient output sanitization. A successful exploit could allow an malicious user to view source cod...
Mitel Micollab
6.1
CVSSv3
CVE-2018-12901
A vulnerability in the conferencing component of Mitel ST 14.2, versions GA29 (19.49.9400.0) and previous versions, could allow an unauthenticated malicious user to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the signin.php page. A suc...
Mitel St Firmware
8.8
CVSSv3
CVE-2023-31459
A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect versions 9.6.2208.101 and previous versions could allow an unauthenticated attacker with internal network access to authenticate with administrative privileges, because the initial installation does...
Mitel Mivoice Connect
8
CVSSv3
CVE-2021-3176
The chat window of the Mitel BusinessCTI Enterprise (MBC-E) Client for Windows prior to 6.4.15 and 7.x prior to 7.1.2 could allow an malicious user to gain access to user information by sending certain code, due to improper input validation of http links. A successful exploit cou...
Mitel Businesscti Enterprise
6.1
CVSSv3
CVE-2023-25598
A vulnerability in the conferencing component of Mitel MiVoice Connect up to and including 19.3 SP2 and 20.x, 21.x, and 22.x up to and including 22.24.1500.0 could allow an unauthenticated malicious user to conduct a reflected cross-site scripting (XSS) attack due to insufficient...
Mitel Mivoice Connect
9.8
CVSSv3
CVE-2023-32748
The Linux DVS server component of Mitel MiVoice Connect up to and including 19.3 SP2 (22.24.1500.0) could allow an unauthenticated attacker with internal network access to execute arbitrary scripts due to improper access control.
Mitel Mivoice Connect
6.1
CVSSv3
CVE-2020-28351
The conferencing component on Mitel ShoreTel 19.46.1802.0 devices could allow an unauthenticated malicious user to conduct a reflected cross-site scripting (XSS) attack (via the PATH_INFO to index.php) due to insufficient validation for the time_zone object in the HOME_MEETING&am...
Mitel Shoretel Firmware 19.46.1802.0
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »